Upgrade to Pro — share decks privately, control downloads, hide ads and more …

X-Ray of Malware Evasion Techniques: Analysis, ...

Thomas Roccia
November 21, 2022
Technology
3
920

X-Ray of Malware Evasion Techniques: Analysis, Dissection, Cure?

This presentation has been presented at Bsides Sydney (https://bsidessydney.org/)

Malware evasion consists of techniques used by malware to bypass security in place, circumvent automated and static analysis as well as avoiding detection and harden reverse engineering. There is a broad specter of techniques that can be used. In this talk we will review the history of malware evasion techniques, understand the latest trends currently used by threat actors and bolster your security analysis skills by getting more knowledge about evasion mechanisms.

Thomas Roccia

November 21, 2022
Tweet

More Decks by Thomas Roccia

See All by Thomas Roccia
The XZ Backdoor Story
fr0gger
0
4.2k
Prompt Engineering for Threat Intelligence
fr0gger
1
270
State-Sponsored Financially Motivated Attacks
fr0gger
0
670
Binary Instrumentation for Malware Analysis
fr0gger
2
1.5k
Conti Leaks: Practical walkthrough and what can we learn from it
fr0gger
0
960
Sharing is Caring: Sharing Threat Intelligence Notebook Edition
fr0gger
0
1.9k
Code Graphology
fr0gger
0
720
AISA - Practical Threat Intelligence
fr0gger
0
1.3k
Hermetic Wiper Infographic
fr0gger
1
850

Other Decks in Technology

See All in Technology
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
1
1k
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
210
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
日経電子版のStoreKit2フルリニューアル
shimastripe
1
140
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Lambdaと地方とコミュニティ
miu_crescent
2
370
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
170
アプリエンジニアのためのGraphQL入門.pdf
spycwolf
0
100
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
150
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
210
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
120

Featured

See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
The Cult of Friendly URLs
andyhume
78
6k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
130
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
How to Ace a Technical Interview
jacobian
276
23k
Typedesign – Prime Four
hannesfritz
40
2.4k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Why Our Code Smells
bkeepers
PRO
334
57k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k

Transcript

  1. None
  2. None
  3. None

  4. What are Evasion Techniques? Practical examples and current trends How

    can you step up on that topic? The power of information sharing

  5. All the techniques used by a a software to avoid

    static, dynamic, automatic and human analysis in order to understand its behavior All the techniques used by malware to avoid and evade security solutions, security configuration as well as human detection to perform malicious action the longer on the infected computer.

  6. In Mitre ATT&CK, the Defense Evasion section is the most

    dominant tactic For attackers, the longer the malware remains undetected the longer they can perform actions For defenders, the sooner the malware is detected the less damage it will cause
  7. None

  8. Anti Security techniques Anti Sandboxing techniques Anti Analyst techniques

  9. Infection Vectors Malware Delivery Malware Behavior Actions on Objectives

  10. Malicious Doc Obfuscated Macro Powershell Base64 encoded Dropping Emotet

  11. Binded with legit Software Fake Metadata

  12. Fake Operations to harden reverse engineering and delay sandbox Anti-disassembly

    with Code Spaghetti

  13. Encrypted data related to host sent to multiple C2 Multiple

    Network Connections not available in the binary

  14. 2015 2016 2017 2019 2020 2021 2022 Creation of Unprotect

    Project First public release at Botconf Creation of the Unprotect POC BlackHat ASIA @DarkCoderSc joined the project Redesign, includes detection rules and code snippets API Engine, statistics

  15. Community centric open project dedicated to cataloguing malware evasion techniques

    Includes detection rules (Yara, Sigma, Capa) and code snippets Extends the Mitre ATTT&CK Defense Evasion Section Share and improve knowledge about evasion mechanisms Propose a detailed classification
  16. None
  17. None
  18. None
  19. None

  20. Malware Evasion Techniques are used by malware to avoid detection

    and analysis These techniques are highly regarded by threat actors. The Unprotect Project is a database dedicated to it and provide the broadest knowledge about evasion techniques.
  21. None